gag.c

一个扫描是否有Stacheldraht禁止服务攻击的程序

/*
 * gag $Revision: 2.9 $ - a stacheldraht agent detector
 * 
 * Essentially just rearranged stacheldraht source code.
 * 
 * Original code Copyright David Dittrich and the University of Washington,
 * 1/1/2000.
 *
 * Contact <dittrich@cac.washington.edu> for permission to modify
 * or redistribute.
 * 
 * (Stolen from ideas by George Weaver <gmw@psu.edu>)
 *
 * Code formatting and debug, improved options processing,
 * Marcus J. Ranum, Jan 2, 2000 mjr@nfr.net
 *
 */

#if YOU_HAVE_NOT_READ_THIS_YET

This software should only be used in compliance with all applicable laws and
the policies and preferences of the owners of any networks, systems, or hosts
scanned with the software

The developers and licensors of the software provide the software on an "as
is" basis, excluding all express or implied warranties, and will not be liable
for any damages arising out of or relating to use of the software.

THIS SOFTWARE IS MADE AVAILABLE "AS IS", AND THE UNIVERSITY OF WASHINGTON
DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, WITH REGARD TO THIS SOFTWARE,
INCLUDING WITHOUT LIMITATION ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE, AND IN NO EVENT SHALL THE UNIVERSITY OF
WASHINGTON BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, TORT (INCLUDING NEGLIGENCE) OR STRICT LIABILITY, ARISING
OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.  

#endif

#define GAG "gesundheit!"
#define VERSION "$Revision: 2.9 $"

#include <stdlib.h>
#include <ctype.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <netinet/ip_icmp.h>

/* The two arrays below are for address range calculations.  They
   should have been automatically generated, but
   1) I am lazy.
   2) There are a few special cases in them.

   I will not scan more than a /16.  When we do scan a CIDR block, we
   assume that it actually is a CIDR block, and do not scan the
   network or broadcast address.
   
   */

static unsigned long MaskBits[] = {
  0x00000000,			/* /0 */
  0x00000000,			/* /1 */
  0x00000000,			/* /2 */
  0x00000000,			/* /3 */
  0x00000000,			/* /4 */
  0x00000000,			/* /5 */
  0x00000000,			/* /6 */
  0x00000000,			/* /7 */
  0x00000000,			/* /8 */
  0x00000000,			/* /9 */
  0x00000000,			/* /10 */
  0x00000000,			/* /11 */
  0x00000000,			/* /12 */
  0x00000000,			/* /13 */
  0x00000000,			/* /14 */
  0x00000000,			/* /15 */
  0xffff0000,			/* /16, Class B */
  0xffff8000,			/* /17, 128 * Class C */
  0xffffc000,			/* /18, 64 * Class C */
  0xffffe000,			/* /19, 32 * Class C */
  0xfffff000,			/* /20, 16 * Class C */
  0xfffff800,			/* /21, 8 * Class C */
  0xfffffc00,			/* /22, 4 * Class C */
  0xfffffe00,			/* /23, 2* Class C */
  0xffffff00,			/* /24, Class C */
  0xffffff80,			/* /25, 128 hosts */
  0xffffffc0,			/* /26, 64 hosts */
  0xffffffe0,			/* /27, 32 hosts */
  0xfffffff0,			/* /28, 16 hosts */
  0xfffffff8,			/* /29, 8 hosts */
  0xfffffffc,			/* /30, 4 hosts (PPP link) */
  0xfffffffe,			/* /31, invalid */
  0xffffffff,			/* /32, host */
};

static int NumHosts[] = {
  0, 0, 0, 0,
  0, 0, 0, 0,
  0, 0, 0, 0,
  0, 0, 0, 0,			/* don't scan more than a /16 */
  65534,			/* These are all -2 so that we don't
				   scan the broadcast addr or the
				   network addr */
  32766,
  16382,
  8190,
  4094,
  2046,
  1022,
  510,
  254,
  126,
  62,
  30,
  14,
  6,
  2,
  0,
  1,
};

extern	char		*optarg;

struct ippkt {
	struct ip       ipi;
	struct icmp     icmpi;
	char            buffer[1024];
} pkt;

static unsigned short	ip_sum(u_short *,int);
static void		listener();
static int		usage();

static int		vflg = 0;	/* verbosity */
static int		dflg = 0;	/* debugging */


int 
main(int argc, char **argv)
{
	int             pid, host;
	char            target[128];
	unsigned long	target_host;
	struct in_addr  target_ip;
	int		mask;
	char *		mask_ptr;
	int		result;
	int		ssock;
	char            buf[1024];
	struct icmp    *icmpi = (struct icmp *)buf;
	struct sockaddr_in sa;
	int             i;
	char		*jnk1;
	char		*jnk2;
	int		sleepytime = 500;
	int		num_hosts;


	while((i = getopt(argc,argv,"vDs:")) != -1) {
		switch(i) {
		case 'v':
			vflg++;
			break;
		case 'D':
			dflg++;
			break;
		case 's':
			sleepytime = atoi(optarg);
			if(sleepytime <= 0) {
				fprintf(stderr,"WARNING: zero interping sleep time will probably overflow your system's transmit buffers and yield poor results\n");
				sleepytime = 1;
			}
			break;
		default:
			exit(usage());
		}
	}

	if(optind >= argc || argc - optind > 1)
		exit(usage());

	mask_ptr = strchr(argv[optind], '/');

	/* if a CIDR block is passed in */
	if (mask_ptr) {
	  *mask_ptr = '\0';
	  mask_ptr ++;
	  
	  sscanf(mask_ptr, "%d", &mask);
	  
	} else {
	  printf("No mask passed, assuming host scan (/32)\n");
	  mask = 32;
	}

		 
	result = inet_aton(argv[optind], &target_ip);

	if (result == 0) {
	  fprintf(stderr, "%s: Bad IP address: %s\n", argv[0],
		  argv[optind]);
	  exit(-1);
	}

	if (mask < 16) {
	  fprintf(stderr, "Bad Network Admin!  Bad!  Do not scan more than a /16 at once!\n");
	  exit(-1);
	}

	num_hosts = NumHosts[mask];

	if (num_hosts == 0) {
	  fprintf(stderr, "Cannot scan a /%d.  Exiting...\n", mask);
	  exit(-1);
	}
	
	if(vflg) {
	  printf("Mask: %d\n", mask);	
	  printf("Target: %s\n", inet_ntoa(target_ip));
	  printf("gag %s - scanning...\n\n", VERSION);
	}

	target_host = ntohl(target_ip.s_addr);
	target_host &= MaskBits[mask];

	target_ip.s_addr = htonl(target_host);

	if((pid = fork()) < 0) {
		perror("cannot fork");
		exit(1);
	}

	/* child side listens for return packets */
	if (pid == 0)
		listener();

	/* let's see if we can open a raw socket */
	if((ssock = socket(AF_INET, SOCK_RAW, 1)) < 0) {
		perror("cannot open raw socket");
		exit(1);
	}

	/* main ping loop - COULD be expanded to whole Internet but... */
	/* but that would be _very_ bad.... */
	while (num_hosts) {
	  if (mask != 32) {
	    target_host ++;
	  }
	  target_ip.s_addr = htonl(target_host);

	  num_hosts--;

	  if(vflg)
	    printf("Probing address %s\n", inet_ntoa(target_ip));
	  
			bzero(buf, sizeof(struct icmp) + sizeof(GAG));
			memcpy(buf + sizeof(struct icmp), GAG, sizeof(GAG));
			icmpi->icmp_type = 0;
			icmpi->icmp_hun.ih_idseq.icd_id = htons(668);
			icmpi->icmp_cksum = ip_sum((u_short *)icmpi,sizeof(struct icmp) + sizeof(GAG));
			sa.sin_family = AF_INET;
			sa.sin_addr.s_addr = target_ip.s_addr;

			if(dflg)
				fprintf(stderr,"Send to: %s\n",inet_ntoa(sa.sin_addr));

			/* send it */
			i = sendto(ssock,buf,sizeof(struct icmp)+sizeof(GAG),0,(struct sockaddr *)&sa,sizeof(sa));

			/* most likely can't find a route */
			if(i < 0) {
				char ebuf[128];
				sprintf(ebuf,"sendto %s",inet_ntoa(sa.sin_addr));
				perror(ebuf);
				break;
			}

			usleep(sleepytime);
		}
	(void)close(ssock);


	/* wait for any late responses */
	sleep(30);

	/* shut listener. if this fails the listener exits on its own */
	(void)kill(pid, SIGHUP);
	exit(0);
}


static	void	listener()
{
	int             isock;
	fd_set          fdset;
	struct timeval  timi;
	struct ippkt    packet;
	struct in_addr  amanda;

	/* child becomes a listener process */
	if ((isock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0) {
		perror("socket");
		exit(1);
	}

	timi.tv_sec = 1;
	timi.tv_usec = 0;
	while (1) {
		/* if parent has exitted, die */
		if(getpid() == 1)
			exit(0);

		FD_ZERO(&fdset);
		FD_SET(isock, &fdset);
		select(FD_SETSIZE, &fdset, NULL, NULL, &timi);
		usleep(100);
		memset((void *) &packet, 0, sizeof(struct ippkt));
		if (FD_ISSET(isock, &fdset)) {
			/* read data from listen socket */
			read(isock, (char *) &packet, sizeof(struct ippkt));
			amanda.s_addr = packet.ipi.ip_src.s_addr;
			if(dflg)
				fprintf(stderr,"listener got a packet\n");
			switch (ntohs(packet.icmpi.icmp_hun.ih_idseq.icd_id)) {
				/* ... */
			case 669:
				if (strstr(packet.buffer, "sicken") != NULL)
					printf("Received sicken from %s\n", inet_ntoa(amanda));
				else
					printf("Got a packet from %s\n",inet_ntoa(amanda));
			default:
				continue;
			}
		}
	}
}


/* standard IP checksum */
static unsigned short
ip_sum(u_short *addr, int len)
{
	register int    nleft = len;
	register u_short *w = addr;
	register int    sum = 0;
	u_short         answer = 0;

	while (nleft > 1) {
		sum += *w++;
		nleft -= 2;
	}
	if (nleft == 1) {
		*(u_char *) (&answer) = *(u_char *) w;
		sum += answer;
	}
	sum = (sum >> 16) + (sum & 0xffff);
	sum += (sum >> 16);
	answer = ~sum;
	return (answer);
}



static int
usage()
{
	fprintf(stderr,"usage: gag [options] <target>\n");
	fprintf(stderr,"target is CIDR block to scan in form:\n");
	fprintf(stderr,"\tA.B.C.D/mask\n");
	fprintf(stderr,"Options:\n");
	fprintf(stderr,"\t[-v] turns on verbosity\n");
	fprintf(stderr,"\t[-D] turns on debugging\n");
	fprintf(stderr,"\t[-s] sleep in ms\n");
	
	return(1);
}